Another rootkit found in Sony software

USB MicroVault ships with secret software

Shares

Remember the Sony BMG rootkit scandal of 2005? Well apparently Sony is at it again. And this time the Japanese company is not propagating rootkits via music CDs, it's doing it with biometric USB sticks.

"This USB stick with rootkit-like behaviour is closely related to the Sony BMG case. First of all, it is another case where rootkit-like cloaking is ill advisedly used in commercial software. Also, the USB sticks we ordered are products of the same company - Sony Corporation," says security firm F-Secure.

F-Secure says it believes the USB stick's MicroVault software is cloaking files to protect the fingerprint authentication from tampering and bypass. That would make sense because if the fingerprint files were accessible it would be easy to bypass the security.

"However, we feel that rootkit-like cloaking techniques are not the right way to go here," F-Secure says on its website. "As with the Sony BMG case we, of course, contacted Sony before we decided to go public with the case. However, this time we received no reply.

More Sony rootkits

The Sony USB stick in question appears to no longer be in production so this could all be a non-problem. There were some reports on Friday that the PC version of new smash hit game Bioshock contained a rootkit, but this has turned out not to be the case.

A rootkit is effectively a piece of spyware that sends user information back to the company or individual that created it. This harms user privacy, and rootkits can even be used to install viruses and other malware.

Sony BMG's use of a DRM rookit on some US audio CDs caused numerous problems for PC users. It resulted in a in series of class-action lawsuits and software recalls that cost the record label millions of pounds.